I'd like to have a user configured in kibana/elastic that has limited permissions. In this case the user should be able to insert data into elastic.
I believe that this will require a role. What I do not understand, and cannot find, are the permissions to attach to the role to give the required permissions.
Then you will need to attach this role to a user to give them the privileges. Keep in mind that they are always additive, this means if a user has two roles, one with all privileges and one without any, they will be able to do everything because the two sets of privileges are merged.
There are no "minimum permissions" - you can freely configure what parts of Kibana and Elasticsearch are accessible for a user. The documentation can be found here: Security | Kibana Guide [7.15] | Elastic
Maybe I am not being clear. I need to know what the minimum permission requirements are such that the user that uses that role would be able to insert data into elastic but nothing more.
So consider an empty elastic data store.
I add some metrics in metricbeat, the user configured in metricbeat then connects into elastic and inserts that data without error. I however cannot use that user to query those metrics. I.e. least privilege.
What I do not understand and cannot find are the permissions that I add to a role that would meet this scenario.
I didn't understand the setup section in the docs but created a role and a user and it seems to be happily populating elastic, so thanks for the link. I can now do the same for the other beats, and I assume logstash.
This morning I am getting an error
[publisher_pipeline_output] pipeline/output.go:154 Failed to connect to backoff(Elasticsearch(...): Connection marked as failed because the onConnect callback failed: error loading template: failed to load template: couldn't load template: 403 Forbidden:...... this action is granted by the cluster privileges manage_index_templates,manage,all]"}]
This wasn't in your instructions, so what am I missing/misunderstanding?
Did you run setup again? That error says that it could not load the template.
Which if you wanted to be very explicit would be the setup role.
But I suspect you still have template loading enabled (which after you run setup once you could disable) or you could disable template loading which many do for the actual beats running .. this prevents accidental overwriting of the template...
setup.template.enabled : false
So the Meta Process
Assuming you want all the least privilege
Install Metricbeat
Configure for setup
Run Setup With The Setup User Roles on 1 host
Deploy to other hosts with template loading disabled: setup.template.enabled : false
Run these with the publishing role.
Right, think of setup as Admin
Then all the others will run as publisher... but you need to turn off the template loading.
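The additive-privilege point and the setup/publisher split discussed in this thread can be checked mechanically. The following is an added example, not code from the thread or from Elastic: it unions the privileges of every role assigned to a Beats account and reports anything beyond a publish-only allow-list. The role names, the `metricbeat-*` pattern, the role contents and the allow-list are assumptions constructed for illustration.

```python
# Constructed role definitions in the shape of an Elasticsearch role body.
# Role names, index pattern and contents are assumptions for this example.
ROLES = {
    "metricbeat_writer": {
        "cluster": ["monitor", "read_ilm"],
        "indices": [{"names": ["metricbeat-*"], "privileges": ["create_doc"]}],
    },
    "metricbeat_setup": {
        "cluster": ["monitor", "manage_ilm", "manage_index_templates"],
        "indices": [{"names": ["metricbeat-*"], "privileges": ["manage", "read"]}],
    },
}

# Assumed allow-list for an account that may insert documents but not query them.
ALLOWED_CLUSTER = {"monitor", "read_ilm", "read_pipeline"}
ALLOWED_INDEX = {"create_doc", "auto_configure"}


def effective_privileges(role_names, roles=ROLES):
    """Union the privileges of all roles a user holds (privileges are additive)."""
    cluster, index = set(), {}
    for name in role_names:
        role = roles[name]
        cluster.update(role.get("cluster", []))
        for entry in role.get("indices", []):
            for pattern in entry["names"]:
                index.setdefault(pattern, set()).update(entry["privileges"])
    return cluster, index


def audit_publisher(role_names, roles=ROLES):
    """Return a sorted list of privileges that exceed the publish-only allow-list."""
    cluster, index = effective_privileges(role_names, roles)
    findings = [f"cluster:{p}" for p in sorted(cluster - ALLOWED_CLUSTER)]
    for pattern in sorted(index):
        extra = sorted(index[pattern] - ALLOWED_INDEX)
        findings += [f"index:{pattern}:{p}" for p in extra]
    return findings


if __name__ == "__main__":
    # A user holding only the writer role passes; adding the setup role does not.
    print(audit_publisher(["metricbeat_writer"]))
    print(audit_publisher(["metricbeat_writer", "metricbeat_setup"]))
```

An account that passes this check still needs `setup.template.enabled : false` on the host, otherwise the Beat attempts the template load that produced the 403 above.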